ConfigServer Services HelpDesk
Server Management Services from Way to The Web Ltd
ConfigServer Home Page

Store Closure for Short Break

We will be closing our Store, Email and Helpdesk from 09:00 GMT Wednesday, 30 November 2022 to 09:00 GMT Wednesday, 7 December 2022. No orders, support requests or sales emails will be processed between those dates.

If you purchase a license or Service Package before the closing date and require installation, please be sure to leave at least 24 hours before then for the work to be done. Otherwise, any work will be scheduled for after this period.

There was a problem loading the comments.

Why is lfd reporting Process Tracking processes through that are (deleted)?

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
lfd will report processes, even if they're listed in csf.pignore, if they're tagged as (deleted) by Linux. This information is provided in Linux under /proc/PID/exe A (deleted) process is one that is running a binary that has the inode for the file removed from the file system directory. This usually happens when the binary has been replaced due to an upgrade for it by the OS vendor or another third party (e.g. cPanel). You need to investigate whether this is indeed the case to be sure that the original binary has not been replaced by a rootkit.

To stop lfd reporting such process you need to restart the daemon to which it belongs and therefore run the process using the replacement binary (presuming one exists). This will normally mean running the associated script in /etc/init.d/ or systemd

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© ConfigServer Services